AARP presents a webinar to help you ID the “bad guys”

I highly recommend anyone sign up and watch these webinars. Be smart and protect yourself!

They look like the real thing, but they’re really just impostors after your identity and your money. It’s not too late to learn how to recognize and protect yourself from these clever con artists.
Don’t wait—sign up for AARP’s free, two‑part webinar today. Experts from AARP and the FTC will answer your questions live and teach you about romance scams and government impostor scams—two of the most common varieties. You’ll learn how they target people on dating sites and how they pretend to be government representatives.
Discover the local and national resources available to you. Protect yourself by registering now for this must‑see webinar from AARP.


The Impostors: Keeping Yourself Safe From Scammers
Part 1: Valentines, Candy & Online Romance Scams
Tuesday, February 5, 2019, 7 p.m. ET
Part 2: Fake Tax Bills: Protecting Yourself From the IRS Scam
Thursday, February 7, 2019, 7 p.m. ET

AARP Membership Newsletter

Register here

Even if you cannot attend the live webinar, register anyway and they will email you the recording and you can watch it anytime!

“I’m too little; I have nothing of value…”

An all too frequent refrain from customers when I approach them about securing their network with a firewall or a software based Security Suite. However, you ARE valuable to the bad guys and the “little guy” is the new “ripe” target as the “bad guys” have now aggressively automated their attacks with bots. They no longer care about making dollars off of your data (although you’d be surprised what some “insignificant” data is worth) — it’s all about the cents. Your data bundled together with enough others starts adding up to real money. Remember — it’s computers doing all the sorting; one “bad guy” can launch A LOT of attacks and make a nice bit of money on the side.

Don’t want to believe me? How about what Dale Drew of CSO magazine had to say in October 2017:

“But here’s a sobering thought: every second, potential cyber victims are hit with roughly 15,000 malware attempts, 15,000 phishing attempts and 8,000 scans for known vulnerabilities or exposures..”

“So, while we may not always see them, cyberattacks are nevertheless ongoing. In fact, we’re witnessing a sharp and sustained increase in attacks over the public internet just within 2017.”

Source: https://www.csoonline.com/article/3235028/security/no-target-too-small-no-industry-untouched.html

Mr. Drew continues: “A recent Incapsula report found more than 50 percent of all web traffic is botnet traffic, rather than traffic initiated by human beings. While roughly 23 percent of botnet traffic is attributed to “good” bots like search engines and feed fetchers, approximately 29 percent of bot traffic is classified as the handiwork of bad actors or automated systems scanning for exposures.”

“In the last month or so, alone, automated attacks hit some honeypots upwards of 750,000 times in a single day.”

“In other words, the bad guys don’t even have to keep their fingers on their keyboards to successfully infiltrate as many networks and machines as possible; their bots are doing it for them.”

I would encourage you to read his entire article and start considering security on your computer the same way you think about it for your home or other property. The Internet is a wondrous place full of information but it is also still the “wild west” — you need to be cautious.

daviestrek Consulting is here to help you “secure the ranch.” we can assist with helping you make your passwords more secure, install a Security Suite on your individual machine, or install a Firewall for your network that’s far more robust than a big box store router or the router provided by your ISP. All of these items are very affordable and can even be billed out monthly if that fits your budget better.

Coldroot will have you seeing red

As reported by Zach Whittaker at ZD Net’s Zero Day (http://www.zdnet.com/article/coldroot-nasty-mac-trojan-went-undetected-for-years/) Macs have been targets of the “Bad Guys” for years. Only recently has a very old Trojan seen the light of day: Coldroot.

These types of Trojans can act as key loggers (logging everything you type) and even act as the user with full remote control.

Antivirus vendors should be scanning for this in the near future.

 

Read the full article here: http://www.zdnet.com/article/coldroot-nasty-mac-trojan-went-undetected-for-years/

Microsoft Releases More Win10 Updates

Paul Thurrott (http://www.thurrott.com) just reported that Microsoft has updated the shipping versions of Windows 10 again this month. It’s another Cumulative Update so you’ll need to reboot your machine after the update gets installed. With all the Bad Guy activity going on, it’s not really surprising to me. While it’s a pain in the rear to have to reboot so often, I take solace in the fact that Microsoft is ACTIVELY trying to keep the OS patched.

Paul has all the details of what’s included in the Update here:
https://www.thurrott.com/windows/windows-10/120470/microsoft-updates-shipping-versions-windows-10-6?_hsenc=p2ANqtz-97Df9Gwmt8493Tt9ml8c0JrEM9vQ1-ipr3S4eli95oFcNNiKLKN3C2HGdPdItgqLiGDHqGNY1NPrgc1RIIsPUcV6hY3w&_hsmi=53681954

Another Day, Another Ransomware Attack: “Nyetya”

The Bad Guys know no shame. It appears they’re going to try every one of the tricks that was leaked from the NSA tool kit. Oh, goody. I’m saying “nyet” to “Nyetya”.

If you have servers (or even one server) you need to make sure you have all the latest patches from your Server Software Vendor — besides Microsoft that also extends to Linux (and all the variants) and even Apple products. There is no “safe” operating system from these latest attacks. Your computer (workstation) is the perfect delivery mechanism for the server attack so it’s important you keep whatever Security Suite you have up to date and fully patched. (I’m assuming you’re already keeping up with all the Microsoft and other Operating System Vendor updates regularly, right?!?)

We can provide assistance with patching all of your equipment and we also sell the Trend Micro Security Suite. We can cover your servers and your workstations (even your mobile devices) with some of the very best protection available on the Internet. You can book us online at http://connect.daviestrek.net and we’d be happy to assist you in keeping the Bad Guys at bay.

Want to know more about this latest round? Here are a couple of really good informational sources.

From Trend Micro: https://blog.trendmicro.com/trendlabs-security-intelligence/large-scale-ransomware-attack-progress-hits-europe-hard/?mkt_tok=eyJpIjoiWkdJMk16WXhOVFkyTkdFMCIsInQiOiJyTUtqZlJldHVOMVZIQjZMZDd1VGhzYVwvWTFLdGQ2Ym5CQWpIT2xPVUlJRTc4blRBdGVwelVFR1pPUW1RM0hocDYyS2loUnBPMXN0TWQ3V2hRbjl2WFwvRE9mRTd6OXJrT1dMTWQ5bmdxNGdzaWphTFwvWW5rV2tJUDNUMzZFbE1YSiJ9

From Cisco’s Talos Intelligence Group’s Blog: http://blog.talosintelligence.com/2017/06/worldwide-ransomware-variant.html

The New Normal? The Bad Guys and You Part 2: The Smack Down

In Part 1 we talked about what the Bad Guys could potentially gain from targeting you and your “nothing worth stealing.” But I think you saw that maybe you do have something worth stealing after all.

“Great, guess I’ll throw out the computer and no more email!”
Probably not a good idea and certainly not practical. It’s better to understand what you can do to protect yourself. Please allow me to digress for a moment into an analogy. It used to be that one could leave their doors unlocked and not worry about getting robbed. You can still leave your doors unlocked, but if you do get robbed — what do you think is the first question the Police and Insurance Company will ask? How much help do you think they will really be?
So we all put locks on our doors. That involved us carrying keys. The hassle!! Some decided to leave them under the mat or in a fake rock (or fake dog poo) near the door. That’s pretty handy. The criminals think so too. That turned out to be almost as useless as just leaving the door open.
So we get fancier locks. Something with a punch code. That’s pretty great until the battery dies in the unit (you forgot to replace it) and you still need the key to get in. (Did I leave it under that suspicious looking dog poo?…)

“There’s no way to win so why bother?”
For the same reasons you still lock your door and hassle with the key, you should be taking the time to create yourself a password scheme that includes upper and lower case letters, special characters (!@#$%^&*), and numbers. Have a minimum of nine characters — 12 and above is much better. Having a passphrase is often quite helpful. Don’t include personally identifiable info in your password (e.g. names — yourself, significant other, kids, etc.) but make it meaningful to you. TheRock!3Mount@1ns is an example of an extremely simple passphrase. (Don’t use it — I just gave it to you and all the Bad Guys. I’m sure it’s in a list now used to crack passwords. If you were using it, I’m really sorry. I didn’t know!) The absolute BEST passwords are the randomly generated ones but that can get really hard to manage.

“I have too many passwords to remember as it is and now you want me to make them harder?! Are you CRAZY?!?!”
Well, I’m not quite right, but I wouldn’t call it crazy. 🙂
There are lots of ways to manage passwords. If you are like many of my home clients, you have a workstation or laptop that stays pretty much in one place and that’s where you go to access the Internet. I’m going to suggest something totally radical for you to use as a password manager: a small notebook kept in a drawer somewhere near (but not next to) the machine. Keep each site on a single page so you have room to change the password as you need to. I just made security nerds everywhere scream out in pain. Take heart security nerds, I’m suggesting the electronic solution next. This recommendation is playing the odds — I’m making the assumption that the chances of a physical break in and the criminal specifically looking for and taking that notebook is fairly low. (You had the door locked, right?!?) Way lower than the online Bad Guys.

“Fancy passwords are a real hassle”
There is an electronic management solution — lots of them actually. PC Magazine recently reviewed and proclaimed “The Best Password Managers of 2017“. Don’t want to invest in a management solution? There are free options like a product called Password Safe. Another even more secure option is presented by Felicia King at Quality Plus Consulting making use of Password Safe and a product called YubiKey. She outlines the strategy here.
If you use a product like Password Safe you will be able to randomly generate passwords and electronically store them in an organized fashion. It’s that notebook on your machine. Of course, you’ll want to keep a backup of your password file — but you’re backing up the important data on your machine regularly anyway, right?? Right??

“I’m still confused and need more help.”
You’re in luck — we can help. You can schedule an appointment online here.

The New Normal? The Bad Guys and You Part 1

“How did this happen to me?”
I’m often asked “how did this happen to me?” when cleaning up a machine infected with whatever Bad Guy stuff that was installed. It happens often. Way too much really. The Bad Guys are ramping up their efforts as they find more success. It’s easy and quick to do. Like most criminals, they actively target the easy grab. Too much work is left to more motivated criminals.

“I have nothing worth stealing”
Another popular refrain. Obviously you do, or the effort to trick you into installing the Bad Guy stuff or infiltrating your network wouldn’t exist.

E-Mail: The EUREKA! moment
You likely are using your machine for e-mail. It’s pretty much mandatory these days for all sorts of services and communication. A valid, functional e-mail address might be worth $0.01 (I’m strictly guessing). Get 10,000 or 100,000 or 1,000,000 of those valid e-mail addresses and you’re talking real money that they can get from spammers and the Black Market. If they’re slightly more motivated, they can lock you out and take over your email account.

You just became way more profitable.
Now that they have access and control of your email they also have control of all those other accounts. If you didn’t have them before you can bet you will now. They’ll spend time posting and creating as you so that they can sell off those accounts as well. A Facebook account might be worth $2. An iTunes account maybe worth $5. It’s starting to add up.

It gets worse
Now that they have your e-mail account, they can start REALLY stealing your identity. They can steal credit card info and make fraudulent purchases or simply sell off that information to the highest bidder on the Black Market. They can pose as you and spam any contacts in your email client and possibly trick those contacts into also becoming a victim.

“What am I going to do?”
Check back for “The New Normal? The Bad Guys and You Part 2: The Smack Down”

Wannacrypt? No thanks!!

There’s a new Bad Guy in town and he’s holding us all up for a “King’s Ransom”. Especially if you dislike patching your devices regularly or you’re still steadfastly holding on to that old XP machine. But you ALWAYS update your machine when Microsoft releases patches, right??

According to Dictionary.com, Ransomware is:

“noun, Digital Technology.

1. malware planted illegally in a computer or mobile device that disables its operation or access to its data until the owner or operator pays to regain control or access.”
As reported yesterday (5/13/17) by ZDNet’s Danny Palmer (http://www.zdnet.com/article/wannacrypt-ransomware-microsoft-issues-patch-for-windows-xp-and-other-old-systems/) this one is SO BAD that Microsoft has actually released patches for the “dead” (AKA no longer officially supported without a REALLY expensive contract) OS’s — Windows Server 2003, Windows XP and Windows 8 (including RT).
If you’re using one of these systems, head over to Microsoft’s blog page on the subject (https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/) to get the patches you need.
Need help with this? Want more security advice? Contact Us and let’s talk!

Microsoft Win10 Anniversary Update to be released August 2nd

MicrosoftMary Jo Foley at All About Microsoft reports that Microsoft will be releasing Service Pack 1 (oops — I meant Anniversary Update) on August 2nd just a few short days after the one year release date anniversary of Windows 10 and the end of the free upgrade offer.

Ms. Foley spoke with Terry Myerson (Windows and devices group executive vice president) last week and reports that there will be “…six major buckets of new features…”

Myerson, with whom I spoke last week about the coming update, said there are six major buckets of new features coming in the Anniversary Update. The six: More enterprise security features; Edge browser improvements, including extension support; Windows Ink for better pen use; new Cortana enhancements; and cross-device gaming support.

There will apparently be two new Enterprise features with this update.

On the enterprise front, Enterprise Data Protection, which has been renamed “Windows Information Protection,” will debut as part of Windows 10. This enterprise feature, which Microsoft officials have been touting since 2014, provides file-level encryption for business data and apps in the name of data separation and leak prevention.

The other major, brand-new enterprise security feature which will ship as part of the Anniversary Update is the Windows 10 Defender Advanced Threat Protection threat-intelligence and attack detection service. Sources had told me Microsoft was aiming to make this service available some time in the third calendar quarter of 2016. Extensive testing — by 300 enterprises and with 700,000 endpoints — resulted in the service being ready to roll with the Anniversary Update, Myerson said.

And one more fun promotion from Microsoft for students.

Microsoft also announced today a new back-to-school promotion via which students can get $300 off when buying an Xbox One and Surface together at Microsoft Stores through August 14.